On Thu, Aug 12, 2021 at 07:08:33PM +0200, Vlastimil Babka wrote:
> > +/**
> > + * folio_mkwrite_check_truncate - check if folio was truncated
> > + * @folio: the folio to check
> > + * @inode: the inode to check the folio against
> > + *
> > + * Return: the number of bytes in the folio up to EOF,
> > + * or -EFAULT if the folio was truncated.
> > + */
> > +static inline ssize_t folio_mkwrite_check_truncate(struct folio *folio,
> > + struct inode *inode)
> > +{
> > + loff_t size = i_size_read(inode);
> > + pgoff_t index = size >> PAGE_SHIFT;
> > + size_t offset = offset_in_folio(folio, size);
> > +
> > + if (!folio->mapping)
>
> The check in the page_ version is
> if (page->mapping != inode->i_mapping)
>
> Why is the one above sufficient?
Oh, good question!
We know that at some point this page belonged to this file. The caller
has a reference on it (and at the time they acquired a refcount on the
page, the page was part of the file). The caller also has the page
locked, but has not checked that the page is still part of the file.
That's where we come in.
The truncate path looks up the page, locks it, removes it from i_pages,
unmaps it, sets the page->mapping to NULL, unlocks it and puts the page.
Because the folio_mkwrite_check_truncate() caller holds a reference on
the page, the truncate path will not free the page. So there are only
two possibilities for the value of page->mapping; either it's the same
as inode->i_mapping, or it's NULL.
Now, maybe this is a bit subtle. For robustness, perhaps we should
check that it's definitely still part of this file instead of checking
whether it is currently part of no file. Perhaps at some point in the
future, we might get the reference to the page without checking that
it's still part of this file. Opinions?
